The FBI were able to track down three hackers who pulled off the largest Twitter breach in history because they were ‘extremely sloppy’ with how they moved their Bitcoin transactions around.
Graham Ivan Clark, 17, of Tampa, Florida; Nima Fazeli, 22, of Orlando, Florida; and Mason Sheppard, 19, of Bognor Regis, U.K. have all be charged in relation to the hack, which took place on July 15.
On that date, the men conspired to hijack Twitter accounts belonging to famous figures and companies – including Barack Obama, Kanye West and Uber – before they posted tweets asking for donations to a Bitcoin wallet.
‘I am giving back to my community due to Covid-19. All Bitcoin sent to my address below will be sent back double. If you send $1,000, I will send back $2,000,’ the bogus tweets read.
Authorities say that the hackers netted more than $100,000 in Bitcoin through the illegal scheme.
But the youngsters were easily able to be traced when the FBI subsequently launched their investigation.
Graham Ivan Clark, 17, of Tampa, Florida, is believed to be the mastermind of the July 15 Twitter hack
Former US president Barack Obama, the most followed account on Twitter, was among the high-profile targets used to carry out the Bitcoin scam
Authorities were able to obtain data about the Bitcoin addresses involved in the hack by analyzing blockchain – a ledger that records cryptocurrency transactions.
They then traced the addresses to Coinbase – a digital currency exchange that stores Bitcoin.
Both Fazeli and Sheppard had registered and verified their Coinbase accounts with their real driver’s licences, according to ZNET.
Fazeli also used his home IP address, meaning investigators were able to easily trace his location.
Furthermore, the alleged hackers did not move around the Bitcoin funds they received in a bid to throw detectives off the trail. Such an act is known as ‘tumbling’, and is the digital equivalent of money laundering.
Cybersecurity expert Jake Williams told The Associated Press that their efforts were ‘sloppy’.
‘This is a great case study showing how technology democratizes the ability to commit serious criminal acts,’ Williams stated.
‘There wasn’t a ton of development that went into this attack.’
A British teenager has been charged with hacking the social media site Twitter and stealing thousands of dollars worth of Bitcoin by taking over the accounts of celebrities and business leaders (file photo)
Fellow cybersecurity expert Marcus Hutchins concurred.
‘I think people underestimate the level of experience needed to pull off these kinds of hacks. They may sound extremely sophisticated, but the techniques can be replicated by teens,’ he explained.
Court papers suggest Fazeli and Sheppard only got involved in the scheme on a hacking chatroom after Clark dangled the possibility of taking over Twitter handles of short names such as @anxious and @foreign.
From there, that scam appears to have evolved into the full-scale hijacking of high-profile accounts.
Investigators claim Clark, who only recently finished high school in Florida, was the mastermind of the entire episode.
Twitter has officially stated that the hacker – purported to be Clark- gained access to a company dashboard that manages accounts on July 15.
He did this by using social engineering and spear-phishing smartphones to obtain credentials from ‘a small number’ of Twitter employees to break in to the internal systems.
From there, the hackers targeted 130 accounts. They managed to tweet their bogus tweet from 45 prolific accounts.
They also accessed the direct message inboxes of 36 others, and download the Twitter data from seven separate accoubts.
Dutch anti-Islam MP Geert Wilders has said his inbox was among those accessed.
All three alleged hackers will be tried separately.
Twitter says hackers ‘manipulated’ employees to access 130 accounts
Twitter said that hackers ‘manipulated’ some of its employees to access accounts.
More than $100,000 worth of the virtual currency was sent to email addresses mentioned in the tweets, according to Blockchain.com, which monitors crypto transactions.
‘We know that they accessed tools only available to our internal support teams to target 130 Twitter accounts,’ said a statement posted on Twitter’s blog.
For 45 of those accounts, the hackers were able to reset passwords, login and send tweets, it added, while the personal data of up to eight unverified users was downloaded.
Twitter locked down affected accounts and removed the fraudulent tweets. It also shut off accounts not affected by the hack as a precaution.